Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-09 | CVE-2019-0831 | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
| 2019-04-09 | CVE-2019-0830 | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
| 2019-04-09 | CVE-2019-0817 | Data Processing Errors vulnerability in Microsoft Exchange Server A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | 5.4 |
| 2019-04-09 | CVE-2019-0814 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
| 2019-04-09 | CVE-2019-0802 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
| 2019-04-09 | CVE-2019-0796 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. | 5.5 |
| 2019-04-09 | CVE-2019-0764 | Argument Injection or Modification vulnerability in Microsoft Edge and Internet Explorer A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'. | 6.5 |
| 2019-04-09 | CVE-2019-0821 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. | 6.5 |
| 2019-04-09 | CVE-2019-0804 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Walinuxagent An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'. | 6.5 |
| 2019-04-09 | CVE-2019-0798 | Cross-site Scripting vulnerability in Microsoft Lync Server and Skype for Business Server A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'. | 6.1 |